@arcjet/analyze

@arcjet/analyze

Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification, and defense against common attacks.

This is the Arcjet local analysis engine.

• npm package (@arcjet/analyze)
• GitHub source code (analyze/ in arcjet/arcjet-js)

What is this?

This package provides functionality to analyze requests. The work is done in WebAssembly but is called here from JavaScript. The functionality is wrapped up into rules in our core package (arcjet), in turn exposed from our adapters (such as @arcjet/next).

The WebAssembly files are in @arcjet/analyze-wasm. They are separate because we need to change the import structure for each runtime that we support in the bindings. Separate packages lets us not duplicate code while providing a combined higher-level API for calling our core functionality.

When should I use this?

This is an internal Arcjet package not designed for public use. See our Get started guide for how to use Arcjet in your application.

Install

This package is ESM only. Install with npm in Node.js:

npm install @arcjet/analyze

Use

import { generateFingerprint, isValidEmail } from "@arcjet/analyze";

const fingerprint = await generateFingerprint(
  { characteristics: [] },
  { ip: "127.0.0.1" },
);
console.log(fingerprint);
// => "fp::2::0d219da6100b99f95cf639b77e088c6df3c096aa5fd61dec5287c5cf94d5e545"

const result = await isValidEmail({}, "hello@example.com", {
  tag: "allow-email-validation-config",
  val: {
    allowDomainLiteral: false,
    allow: [],
    requireTopLevelDomain: true,
  },
});
console.log(result);
// => { blocked: [], validity: "valid" }

License

Apache License, Version 2.0 © Arcjet Labs, Inc.

Changelog

1.0.0-beta.11 (2025-09-03)

⚠ BREAKING CHANGES

• redact: improve types around custom entities (#4883)
• protocol: remove enum-like objects (#5053)
• env: remove support for explicit port on orb (#4988)

🚀 New Features

• add filter rule (#4802) (40953e1)
• env: Support trailing slashes on ARCJET_BASE_URL (#5035) (db1a4ac)
• ip: expose Cidr type (#4877) (96674f4)

🪲 Bug Fixes

• env: remove support for explicit port on orb (#4988) (3e601d7)
• protocol: Remove change that disjoined IP details and assertions (#4859) (#4913) (3304e9c)
• types: remove need for dom.iterable, dom, lib (#5047) (fba8564)

📝 Documentation

• add info on derivative works to license sections (#4654) (d427c39)
• add JSDocs to exposed API in 10 utilities (#4741) (f836ea2)
• analyze-wasm: add JSDocs (#4996) (e7a4ba6)
• arcjet: add JSDocs (#4997) (de57d5e)
• astro: add JSDocs (#5015) (131e781)
• bun: add JSDocs (#5018) (a9e946a)
• deno: add JSDocs (#5031) (18a2700)
• examples: remove unneeded port from steps (#4987) (a908b16)
• fastify: refactor JSDocs (#5032) (9c7405f)
• logger: add JSDocs (#4839) (107c145)
• nest: add JSDocs (#5034) (0ff6b3f)
• next: refactor JSDocs (#5038) (fc61a27)
• node: add JSDocs (#5039) (309738a)
• nosecone-next: add JSDocs (#4841) (689ea3c)
• nosecone-sveltekit: add JSDocs (#4842) (de708af)
• nosecone: add derivative works to readme (#4854) (73f2bcb)
• nosecone: add JSDocs (#4840) (ead53e5)
• protocol: add JSDocs (#4851) (c1021e9)
• readme: fix list of example apps (#4891) (36ea1ca)
• readme: fix list of quick start guides (#4890) (e90d6e4)
• redact-wasm: add JSDocs (#4844) (e187ff8)
• redact: add JSDocs (#4843) (b6b14bb)
• remix: add JSDocs (#5049) (4a9efcf)
• rollup-config: add JSDocs (#4845) (3b5b477)
• runtime: add JSDocs (#4846) (a740694)
• sprintf: add JSDocs (#4847) (a5b5084)
• sprintf: add JSDocs (#4848) (d9b0adb)
• stable-hash: add derivative work to readme (#4858) (b693f2b)
• sveltekit: add JSDocs (#5050) (8077f9c)
• transport: add JSDocs (#4849) (a59390b)

🧹 Miscellaneous Chores

• decorate: add type errors for invalid values (#4865) (0f73483)
• example: Update Gatsby overrides (#5036) (fd0b115)
• headers: expose named export, deprecate default (#4860) (8d716b9)
• ip: expose named export, deprecate default (#4876) (fcb83a3)
• logger: rename LoggerOptions to Options (#4874) (78962de)
• normalize package-lock.json (#4794) (e17962b)
• nosecone-next: expose named export, deprecate default (#4879) (605e647)
• nosecone-sveltekit: expose named export, deprecate default (#4880) (d0e9aaf)
• nosecone: expose Options, deprecate NoseconeOptions (#4855) (c504315)
• nosecone: expose named export, deprecate default (#4878) (e7607de)
• protocol: add hasAsn, deprecate hasASN (#4889) (4990e80)
• protocol: remove enum-like objects (#5053) (cc76e1c)
• sprintf: expose named export, deprecate default (#4875) (a2624b4)
• tsconfig: remove @arcjet/tsconfig (#5022) (fdca6a9)

⌨️ Code Refactoring

• ip: rename identifiers to match other casing (#4723) (4cbd844)
• logger: replace abbreviations with words (#4853) (de963dc)
• logger: use more specific type than unknown (#4873) (5025378)
• protocol: remove unneeded type utility (#4859) (0a638ae)
• redact: improve types around custom entities (#4883) (0b09945)
• redact: remove repetition in code (#4881) (191ccb7)
• redact: reuse exposed types (#4856) (2380307)
• sprintf: replace abbreviations with words (#4857) (13bac85)

📚 Tests

• protocol: add type guard tests for ArcjetIpDetails (#4888) (98072bc)

✅ Continuous Integration

• lock actions to shas (#4971) (5efd131)